Here it is; this machine seems to stutter pretty badly every now and then, somewhere...
Logfile of HijackThis v1.99.1 Scan saved at 12:23:16, on 25.12.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\System32\keyhook.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE C:\Topin kansio\AVPersonal\AVGNT.EXE C:\Topin Kansio\realplayer\RealPlay.exe C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE C:\Topin kansio\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\CTSvcCDA.EXE C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe c:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE C:\Topin kansio\dna 
Nettiturva\Anti-Virus\fsav32.exe C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpywareBlaster\spywareblaster.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Topin Kansio\winamp\winamp.exe C:\Topin Kansio\SpeedFan\speedfan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Topin Kansio\Hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: Yahoo! 
Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken 
Internet access because of LSP provider 'xfire_lsp_10650.dll' missing O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing) O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
Do you have 3 antivirus programs running? Dna nettiturva, Norton and AntiVir. Keep only one of them in use and remove the others (at least AntiVir, if there is no antivirus from Norton on the machine). That alone causes stuttering. But there is more in there too.
First shut down this -> TeaTimer.exe, so that it doesn't block the fixes.
Fix these (do a system scan only, check them and press fix checked):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c...
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
Get ewido -> http://www.ewido.net/en/download
Install and update it.
Make hidden files visible, instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/248944
Boot into safe mode (F8 during startup) and delete:
C:\WINDOWS\System32\==>msctl32.dll<==
Scan with ewido there in safe mode. Let it remove whatever it finds and save the report.
Restart the computer. Post a new HjT log and the ewido report here.
That DNA Nettiturva shouldn't be there any more(?), but here is the new log now:
Logfile of HijackThis v1.99.1 Scan saved at 16:17:54, on 25.12.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\System32\keyhook.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE C:\Topin kansio\AVPersonal\AVGNT.EXE C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\spoolsv.exe C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE C:\Topin kansio\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\CTSvcCDA.EXE C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe c:\Program Files\Norton AntiVirus\SAVScan.exe C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE C:\Topin kansio\dna 
Nettiturva\Anti-Virus\fsav32.exe C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Topin Kansio\Hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: Yahoo! 
Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
And then the ewido one as well:
ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 16:01:15, 25.12.2005 + Report-Checksum: F9DDA1FE + Scan result: :mozilla.168:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.169:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.170:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.171:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.172:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned 
with backup :mozilla.173:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.174:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.175:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.176:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.179:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.184:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.185:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.186:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.187:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.188:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.189:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.198:C:\Documents and Settings\HP_Omistaja\Application 
Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.242:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.256:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.257:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.266:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.267:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.268:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.269:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.270:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.271:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.272:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.273:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned 
with backup :mozilla.289:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup :mozilla.306:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup :mozilla.322:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.323:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.339:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.340:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.344:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.345:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.346:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.347:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.348:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.395:C:\Documents and Settings\HP_Omistaja\Application 
Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.431:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup :mozilla.484:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup :mozilla.485:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup :mozilla.492:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.494:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.495:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.496:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.498:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.499:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.500:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.501:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup 
:mozilla.502:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.503:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.504:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.505:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.509:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.512:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.513:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.514:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.515:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.518:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.519:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.520:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt 
-> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.521:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.523:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup :mozilla.530:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.538:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.559:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.560:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.564:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.565:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.575:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.580:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.581:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and 
Settings\HP_Omistaja\Cookies\hp_omistaja@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\Rar$EX00.422\crack.exe -> Downloader.PassAlert.e : Cleaned with backup C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup C:\RECYCLER\S-1-5-21-331270661-2898961560-457879433-1007\Dc15567.tmp -> Spyware.180Solutions : Cleaned with backup C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup C:\WINDOWS\kl.exe -> Logger.Small.dg : Cleaned with backup C:\WINDOWS\toolbar.exe -> Downloader.Adload.j : Cleaned with backup
That turned out to be a lot of text, well, but hopefully things are a bit better on this machine now, judging by what I read in that ewido report..
DNA nettiturva is at least running all the time. Post a new HjT log, that one is not complete. We'll remove dna nettiturva then, if it is no longer valid or the like. And most of ewido's findings were just cookies, though one requires further action: Get hoster -> http://www.funkytoad.com/download/hoster.zip Unzip it and double-click hoster.exe. Press "Restore original hosts" and OK.
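
Added example (not part of the thread, and not HijackThis's own code): a Python triage script that parses a HijackThis log, lists the entries HijackThis itself marks "(no file)" or "(file missing)", and checks a fix list against a follow-up log, reporting "unknown" where the follow-up log ends before the entry's section. It assumes the log's normal one-entry-per-line layout and that sections are written in R, F, N, O order; the sample text is constructed from entries in the first two logs above.

```python
import re
from typing import NamedTuple

# Section codes used by HijackThis entries: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text):
    """Return registry/startup entries; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def section_key(code):
    # Assumption: sections appear in R, F, N, O order with ascending numbers.
    return ("RFNO".index(code[0]), int(code[1:]))


def fix_status(fix_list, followup):
    """Classify each fix-list entry against a follow-up log.

    An entry in a section later than the last one seen in the follow-up is
    'unknown': a log cut short would otherwise make it look fixed.
    Truncation inside the last section itself is not detected.
    """
    present = set(followup)
    last = max((section_key(e.code) for e in followup), default=(-1, 0))
    status = {}
    for entry in fix_list:
        if entry in present:
            status[entry] = "still present"
        elif section_key(entry.code) > last:
            status[entry] = "unknown (log ends earlier)"
        else:
            status[entry] = "gone"
    return status


# Constructed samples: lines copied from the thread, one entry per line.
FIRST_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:23:16, on 25.12.2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
"""

FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
"""

# Like the second log in the thread, this sample stops in the O4 section.
FOLLOWUP_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:17:54, on 25.12.2005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
"""

if __name__ == "__main__":
    for e in orphaned(parse_entries(FIRST_LOG)):
        print("orphaned:", e.code, "-", e.body)
    result = fix_status(parse_entries(FIX_LIST), parse_entries(FOLLOWUP_LOG))
    for e, state in result.items():
        print(f"{state:28} {e.code} - {e.body[:60]}")
```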
It wasn't complete? Well, here's a new one:
Logfile of HijackThis v1.99.1
Scan saved at 16:36:57, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Is this one valid?
Yes, that one is good. Fix these:
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
You've probably already done that hoster thing? Are you completely sure that dna nettiturva is no longer valid and that you don't want it in use? Check whether it's listed under Add/Remove Programs (Control Panel) and remove it from there. Restart the computer and post a new HjT log.
Yeah, I did it... I'm sure it can be removed, since that DNA Nettiturva was a kind of trial version that I downloaded from the net... Here's the new log:
Logfile of HijackThis v1.99.1
Scan saved at 17:36:32, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
When I skimmed through it, the ones I was just supposed to fix seemed to be there again..? Oh, and sometimes at startup this machine gets into a state where it otherwise opens normally, Windows that is, but then I can't open any folders or the Start menus... But sometimes it starts up without problems...
I'm not sure why those won't go away. It's probably because of that TeaTimer. Try turning it off in Spybot's settings and then fix those lines. Then remove dna nettiturva through the Control Panel and post a new HjT log, and we'll see whether it went away.
Yeah, at first I forgot to turn TeaTimer off, but then on the second try I turned it off and fixed them, but they were still there... Oh, and I forgot to say that some time ago I removed DNA Nettiturva from the Add/Remove menu... But it's still there... I may have removed it the wrong way somehow... So DNA Nettiturva can't be found in the Add/Remove menu.
OK, let's do it this way then. Fix these lines:
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
Then Start -> Run -> services.msc. Find these in the list:
F-Secure Gatekeeper Handler Starter
F-Secure Authentication Agent (FSAA)
F-Secure Distributed Firewall Daemon
F-Secure Management Agent (FSMA)
Double-click them, press Stop and set the startup type to "Disabled".
Boot into Safe Mode (F8 during startup).
Delete this directory:
C:\Topin kansio\==>dna Nettiturva<==
Fix these:
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
Restart the computer.
Get ccleaner -> http://www.ccleaner.com (or if you have e.g. EasyCleaner, you can use that too) and clean the registry with it (take a backup of the registry first; ccleaner asks about it itself, I don't know about EasyCleaner).
Post a new HjT log.
It wouldn't agree to delete the Dna Nettiturva folder, some error message came up... But here's the new log:
Logfile of HijackThis v1.99.1
Scan saved at 20:08:06, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
I wonder if it's starting to look better now?
Well, at least dna nettiturva no longer starts. Did you definitely try deleting that folder in Safe Mode? And you can also remove AntiVir, if Norton AntiVirus is up to date.
Yeah, I tried, but well, at least it's no longer a pointless nuisance (apparently). But the reason I also have that Antivir running is that Norton's free updates ran out about a year ago. But many thanks for your help, and I've noticed that my computer has become considerably faster after this process. Thanks, over and out!
All right. Then it's worth considering removing Norton entirely and putting some free firewall in its place (Sygate, kerio, zonealarm). That would speed the machine up even more. You're welcome
Definitely get rid of Norton now, since you can't do anything with it. Free firewalls can be found here -> http://keskustelu.afterdawn.com/thread_view.cfm/162275
Just remember the golden rule for computers:
1 firewall
1 antivirus program
2- antispyware programs